nanog mailing list archives

RE: Outgoing SMTP Servers


From: "Dennis Burgess" <dmburgess () linktechs net>
Date: Mon, 24 Oct 2011 23:49:11 -0500

 

On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:

I am curious about what network operators are doing with outbound SMTP
traffic.  In the past few weeks we have run into over 10 providers,
mostly local providers, which block outbound SMTP and require the
users to go THROUGH their mail servers even though those servers are
not responsible for the domains in question!  I know other mail
servers are blocking non-reversible mail, however, is this common?
And more importantly, is this an acceptable practice?


It's both unacceptable in my opinion and common. There are even those
misguided souls that will tell you it is best practice, though general
agreement, even among them, seems to be that only 25/tcp should be
blocked and that 465 and 587 should not be blocked.


[dmb] I would agree, for residential customers, if they use the "ISP"
domain, then yes they should relay through the ISP's mail server.  For
business customers and other residential customers that do NOT use the
ISP domain, then I think they should use their own mail server that they
already pay for.



Most of our smaller ISPs that we support; we allow any outbound SMTP
connection, however we do watch residential users for 5+ outbound SMTP
connections at the same time.  But if the ISP has their own mail
servers, and users wish to relay through them, we basically tell them
to use their mail server that they contract with.  What is the best
practice?


Best practice is to do what works and block as much SPAM as possible
without destroying the internet in the process. There are those who
argue that blocking 25/tcp does not destroy the internet. By and large,
they are the same ones who believe NAT was good for us.

Owen

[dmb] Lots of smaller ISPs out there run thousands of customers through
NAT and I can see the need to properly "monitor" the SPAM activity on
those IPs, not saying that is right, but I do see the point, in this
event.  But for ISPs that are handing out publics, I don't see how
blocking outbound Port 25 helps, other than making more support calls for
the end users.  Keep in mind that ATT DSL and the local cable co here
in STL both block outbound port 25, but a simple phone call or e-mail
to their support and they will remove the block.
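
An added example, not part of the original message: one way to implement the "5+ outbound SMTP connections at the same time" watch mentioned above, as a sweep over flow records that computes each source's peak concurrency on 25/tcp. The record layout, function names and sample flows are assumptions constructed for illustration; 465 and 587 are deliberately not counted.

```python
from collections import defaultdict

SMTP_PORT = 25   # only 25/tcp is counted; submission ports 465/587 are ignored
THRESHOLD = 5    # "5+ outbound SMTP connections at the same time"

# Constructed sample flow records: (src_ip, dst_ip, dst_port, start_s, end_s)
SAMPLE_FLOWS = (
    # ordinary user: two back-to-back deliveries plus one submission session
    [("192.0.2.10", "198.51.100.1", 25, 0, 5),
     ("192.0.2.10", "198.51.100.1", 25, 5, 9),
     ("192.0.2.10", "198.51.100.2", 587, 2, 8)]
    # six overlapping connections to six different MX hosts
    + [("192.0.2.20", f"203.0.113.{i}", 25, 100 + i, 130 + i) for i in range(6)]
    # busy but below threshold on 25/tcp; heavy 587 use must not count
    + [("192.0.2.30", f"203.0.113.{i}", 25, 200, 220) for i in range(4)]
    + [("192.0.2.30", "198.51.100.2", 587, 200, 220) for _ in range(5)]
)


def peak_concurrent_smtp(flows, port=SMTP_PORT):
    """Return {src_ip: peak number of simultaneously open flows to `port`}."""
    events = defaultdict(list)
    for src, _dst, dport, start, end in flows:
        if dport != port:
            continue
        events[src].append((start, 1))    # connection opens
        events[src].append((end, -1))     # connection closes
    peaks = {}
    for src, evs in events.items():
        # At equal timestamps, process closes (-1) before opens (+1) so that
        # back-to-back connections are not counted as overlapping.
        evs.sort()
        current = peak = 0
        for _ts, delta in evs:
            current += delta
            peak = max(peak, current)
        peaks[src] = peak
    return peaks


def flag_sources(flows, threshold=THRESHOLD):
    """Sources whose peak concurrent 25/tcp connections reach the threshold."""
    peaks = peak_concurrent_smtp(flows)
    return sorted(src for src, peak in peaks.items() if peak >= threshold)


if __name__ == "__main__":
    print(peak_concurrent_smtp(SAMPLE_FLOWS))
    print(flag_sources(SAMPLE_FLOWS))
```

Behind NAT the source address seen upstream is shared, so this count has to run on the inside interface to attribute the connections to a subscriber.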


